| dc.contributor.advisor | Shafi Goldwasser. | en_US |
| dc.contributor.author | Lim, Dah-Yoh, 1978- | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. | en_US |
| dc.date.accessioned | 2005-09-27T16:56:20Z | |
| dc.date.available | 2005-09-27T16:56:20Z | |
| dc.date.copyright | 2004 | en_US |
| dc.date.issued | 2004 | en_US |
| dc.identifier.uri | http://hdl.handle.net/1721.1/28547 | |
| dc.description | Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004. | en_US |
| dc.description | In title on t.p., "[Nu]" and "[Rho]" appear as upper-case Greek letters. | en_US |
| dc.description | Includes bibliographical references (p. 57-61). | en_US |
| dc.description.abstract | (cont.) to the verifier. | en_US |
| dc.description.abstract | We consider an implementation of a weakened notion of zero-knowledge (weak ZK) where the simulator is also allowed to depend on the distinguisher as well, so this type of ZK entails exhibiting an efficient simulator for every efficient (Verifier, Distinguisher) pair. This notion is interesting because in many applications of ZK protocols, weak ZK is actually enough. In addition, Goldreich and Krawczyk's proof (SICOMP 1996) of the non-existence 1 of 3-round black-box ZK protocols carries over to weak ZK directly, so we know that 3-round black-box weak ZK protocols do not exist. In this thesis we are concerned with 3-round proofs for hP: under the standard computational Diffie-Hellman assumption, we construct a 3-round weak ZK proof for NP [nu rho] with inverse-polynomial soundness error. To the best of our knowledge, there have been two constructive results, of Hada and Tanaka (Crypto 1998) and Lepinski (MIT Master's thesis 2001) respectively, stating that assuming some non-standard assumptions, 3-round (traditional) ZK protocols (arguments or proofs respectively) for NP [nu rho] with negligible soundness error do exist. We use the idea of intertwining Oblivious Transfer with a ZK protocol given by Lepinski to prove our result. For every verifier and distinguisher, we construct a different simulator. The technique of simulation is novel and we believe it will have future uses. For instance, our protocol is actually WI with negligible soundness error, by virtue of Feige and Shamir's result (STOC 1990) that WI protocols do compose in parallel. Furthermore, since the first two rounds of our protocol are actually independent of the theorem to be proven, we can think of these two rounds as an interactive setup phase after which the prover can non-interactively prove | en_US |
| dc.description.statementofresponsibility | by Dah-Yoh Lim. | en_US |
| dc.format.extent | 61 p. | en_US |
| dc.format.extent | 2660263 bytes | |
| dc.format.extent | 2665836 bytes | |
| dc.format.mimetype | application/pdf | |
| dc.format.mimetype | application/pdf | |
| dc.language.iso | en_US | |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | |
| dc.subject | Electrical Engineering and Computer Science. | en_US |
| dc.title | 3-round weak zero-knowledge proofs for [Nu] [Rho] | en_US |
| dc.title.alternative | Three-round weak ZK proofs for [Nu] [Rho] | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | S.M. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | |
| dc.identifier.oclc | 57401138 | en_US |
